[gtk-doc] scan: remove one sprintf and guard one statuc buffer.

[Stefan Kost <stefkost src gnome org>]

commit a37604f464f59e33b21900dd803e5d27c3997bb3
Author: Stefan Kost <ensonic users sf net>
Date:   Wed Apr 29 12:59:14 2009 +0300

    scan: remove one sprintf and guard one statuc buffer.
    
    We use some fixed size strings to format the output, which might be dangerous.
    What is left now is that output_object_signal() should use g_string or snprintf
    with the remaining length.
---
 gtkdoc-scangobj.in |   18 +++++++++---------
 gtkdoc-scanobj.in  |   19 +++++++++----------
 2 files changed, 18 insertions(+), 19 deletions(-)

diff --git a/gtkdoc-scangobj.in b/gtkdoc-scangobj.in
index aa6f5f0..f7c6c21 100644
--- a/gtkdoc-scangobj.in
+++ b/gtkdoc-scangobj.in
@@ -313,8 +313,8 @@ output_object_signal (FILE *fp,
   GSignalQuery query_info;
   const gchar *type_name, *ret_type, *object_arg, *arg_name;
   gchar *pos, *object_arg_lower;
-  gboolean is_pointer;
-  gchar ret_type_buffer[1024], buffer[1024];
+  gboolean is_pointer;                                   
+  gchar buffer[1024];
   guint i, param;
   const gchar **arg_names;
   gint param_num, widget_num, event_num, callback_num;
@@ -329,10 +329,6 @@ output_object_signal (FILE *fp,
 
   g_signal_query (signal_id, &query_info);
 
-  /* Output the return type and function name. */
-  ret_type = get_type_name (query_info.return_type & ~G_SIGNAL_TYPE_STATIC_SCOPE, &is_pointer);
-  sprintf (ret_type_buffer, "%s%s", ret_type, is_pointer ? "*" : "");
-
   /* Output the signal object type and the argument name. We assume the
      type is a pointer - I think that is OK. We remove "Gtk" or "Gnome" and
      convert to lower case for the argument name. */
@@ -355,7 +351,8 @@ output_object_signal (FILE *fp,
   g_free(object_arg_lower);
 
   /* Convert signal name to use underscores rather than dashes '-'. */
-  strcpy (signal_name, query_info.signal_name);
+  strncpy (signal_name, query_info.signal_name, 127);
+  signal_name[127] = '\0';
   for (i = 0; signal_name[i]; i++)
     {
       if (signal_name[i] == '-')
@@ -441,9 +438,12 @@ output_object_signal (FILE *fp,
     *pos++ = 'h';
   *pos = 0;
 
+  /* Output the return type and function name. */
+  ret_type = get_type_name (query_info.return_type & ~G_SIGNAL_TYPE_STATIC_SCOPE, &is_pointer);
+
   fprintf (fp,
-	   "<SIGNAL>\\n<NAME>%s::%s</NAME>\\n<RETURNS>%s</RETURNS>\\n<FLAGS>%s</FLAGS>\\n%s</SIGNAL>\\n\\n",
-	   object_name, query_info.signal_name, ret_type_buffer, flags, buffer);
+	   "<SIGNAL>\\n<NAME>%s::%s</NAME>\\n<RETURNS>%s%s</RETURNS>\\n<FLAGS>%s</FLAGS>\\n%s</SIGNAL>\\n\\n",
+	   object_name, query_info.signal_name, ret_type, is_pointer ? "*" : "", flags, buffer);
 }
 
 
diff --git a/gtkdoc-scanobj.in b/gtkdoc-scanobj.in
index cae42aa..983dcf6 100755
--- a/gtkdoc-scanobj.in
+++ b/gtkdoc-scanobj.in
@@ -248,14 +248,13 @@ output_widget_signal (FILE *fp,
   GtkSignalQuery *query_info;
   gchar *ret_type, *pos, *type_name, *arg_name, *object_arg, *object_arg_start;
   gboolean is_pointer;
-  gchar ret_type_buffer[1024], buffer[1024];
+  gchar buffer[1024];
   guint i, param;
   gchar **arg_names;
   gint param_num, widget_num, event_num, callback_num;
   gint *arg_num;
   gchar signal_name[128];
 
-
   /*  g_print ("Object: %s Type: %i Signal: %u\\n", object_name, object_type,
       signal_id);*/
 
@@ -269,10 +268,6 @@ output_widget_signal (FILE *fp,
       return;
     }
 
-  /* Output the return type and function name. */
-  ret_type = get_type_name (query_info->return_val, &is_pointer);
-  sprintf (ret_type_buffer, "%s%s", ret_type, is_pointer ? "*" : "");
-
   /* Output the signal object type and the argument name. We assume the
      type is a pointer - I think that is OK. We remove "Gtk" or "Gnome" and
      convert to lower case for the argument name. */
@@ -295,7 +290,8 @@ output_widget_signal (FILE *fp,
     widget_num++;
   
   /* Convert signal name to use underscores rather than dashes '-'. */
-  strcpy (signal_name, query_info->signal_name);
+  strncpy (signal_name, query_info->signal_name, 127);
+  signal_name[127] = '\0';
   for (i = 0; signal_name[i]; i++)
     {
       if (signal_name[i] == '-')
@@ -357,10 +353,13 @@ output_widget_signal (FILE *fp,
 		*arg_num += 1;
 	}
     }
-  
+
+  /* Output the return type and function name. */
+  ret_type = get_type_name (query_info->return_val, &is_pointer);
+
   fprintf (fp,
-	   "<SIGNAL>\\n<NAME>%s::%s</NAME>\\n<RETURNS>%s</RETURNS>\\n%s</SIGNAL>\\n\\n",
-	   object_name, query_info->signal_name, ret_type_buffer, buffer);
+	   "<SIGNAL>\\n<NAME>%s::%s</NAME>\\n<RETURNS>%s%s</RETURNS>\\n%s</SIGNAL>\\n\\n",
+	   object_name, query_info->signal_name, ret_type, is_pointer ? "*" : "", buffer);
   g_free (query_info);
 }